Introduction#
AdGuard Home is a free, open-source and powerful DNS server for blocking ads and trackers across the whole network. In a domestic (mainland China) environment it can be combined with other plugins to provide anti-pollution DNS and DNS-level ad blocking. It is recommended to use it together with oc; do not use redirect mode in CatWrt. Other firmware has not been tested, and redirect mode will most likely stop working after a few days.
This article will be relatively simple and easy to understand, allowing you to quickly get started with the powerful AdGuard Home plugin.
Recommended blogs:
- Using AdGuard Home to Protect Your DNS Queries
- AdGuard Home Adjustments
- Protecting Privacy and Optimizing Networks: A Deep Comparison of the Features and Advantages of DoT, DoH, H3, and DoQ Protocols
Installation#
If your CatWrt does not have the AdGuard Home plugin installed, obtain the current CatWrt software source list through Cattools - Application Software Source (apply_repo), then install the plugin directly:
opkg install luci-app-adguardhome
Precautions#
In the early CatWrt v23.8 build, the plugin's executable path is /usr/bin/AdGuardHome/AdGuardHome, while earlier versions used /usr/bin/AdGuardHome. This mismatch can cause an unpleasant experience, so adjust the path in the plugin settings accordingly.
It is not recommended to set a log size that is too large; 1-2 days is sufficient. If OpenWrt resets itself, an oversized log is the likely cause.
Initialization#
After v23.8 the plugin works normally out of the box. Click Update kernel version, enable Restart when the network is ready after booting, then click Enable and wait for the application to start successfully. On the plugin page, click the link to enter the ADG initialization wizard.
- Step 1/5: Start Configuration
  - Listening interface: All interfaces, Port 3000
  - DNS server: All interfaces, Port 5335
- Step 2/5: Next
  - Username: custom
  - Password: custom
  - Confirm Password: custom
- Step 3/5: Next
- Step 4/5: Next
- Step 5/5: Open Dashboard
DNS Settings#
Upstream DNS Servers#
tls://dns.google
tls://dns.opendns.com
tls://<UID>.dns.nextdns.io
It is recommended to register and log in at dns.nextdns.io; the speed is decent and the free quota is sufficient for normal use. After registering you receive a dedicated DNS endpoint; replace <UID> above with your own ID.
The author actually uses DoH and gets good speed; DoT is not required. The best option is whichever suits your network environment.
Domestic DNS servers are not used as upstreams because a single polluted answer can contaminate the whole DNS cache. As mentioned, use either all domestic or all foreign upstreams; if you only need domestic resolution, there is little point in bothering with AdGuard Home.
- Parallel Requests
Bootstrap DNS Servers#
119.29.29.99
223.6.6.6
Apply
DNS Service Configuration#
- Speed limit: 0
- Enable EDNS Client Subnet
- Enable DNSSEC
- Intercept mode: Custom IP; Intercept IPv4: 127.0.0.1, Intercept IPv6: ::1
Apply
DNS Cache Configuration#
Cache size: depends on the machine's memory; I chose 64M, which is 64000000 bytes.
Override minimum TTL value: 3600
Override maximum TTL value: 86400
Apply
General Settings#
Log Configuration#
Query log retention time: Depends on the machine's memory size; I chose 7 days. If your storage space is too small and there are too many devices, please shorten the log storage time.
Ignored Domains: Generally, these are domains with excessive requests, ignored to reduce storage pressure.
dataflow.biliapi.com
tracking.miui.com
Apply
Statistics Configuration#
Statistics Retention: Depends on the machine's memory size; I chose 7 days. This seems not to occupy too much storage space.
DNS Blacklist#
You can choose from several lists available online or provided by the official sources. Here, I mainly focus on cache acceleration, blocking trackers, and anti-pollution. I have written a custom rule that is suitable for most users and offers the best stability.
To add a custom list, simply paste one of the links below. Several mirrors of the same list are provided so that users who cannot reach one host can pick another.
https://cdn.jsdelivr.net/gh/miaoermua/AdguardFilter@main/rule.txt
https://fastly.jsdelivr.net/gh/miaoermua/AdguardFilter@main/rule.txt
https://raw.githubusercontent.com/miaoermua/AdguardFilter/main/rule.txt
You can also choose from the recommended rules in the official list, but it is not recommended as there may be false positives. If you need to use them, consider having someone monitor and handle network issues.
Encryption Settings#
You need to have a public IP (IPv4/v6) and ensure that the port is accessible. The encryption settings here allow you to use your AdGuard Home DNS on the external internet.
If there are no external requirements to use AdGuard Home, you can skip this step!
- Enable Encryption (HTTPS, DNS-over-HTTPS, DNS-over-TLS)
Server name: This is your domain; set up dynamic domain name resolution (DDNS) here.
- HTTPS Automatic Redirection
HTTPS port: Custom; this is the port for external access, which is related to the DoH port and H3 port, so please avoid 443!
DNS-over-TLS port and DNS-over-QUIC port should remain 853.
As for the certificate, you can upload your certificate files via sftp or scp and fill in the absolute path, or paste the certificate contents directly.
The .pem file is the certificate (public key, together with any intermediate certificates); AdGuard Home requires that its chain validates. The .key file is the private key; AdGuard Home requires that it parses as a valid RSA private key, and it must belong to the same key pair as the certificate.
Apply
Then go to OpenWrt Network - Firewall - Communication Rules - Open Router Ports to allow the ports you set, such as the WebUI listening interface, DNS server port, HTTPS port, DoQ & DoT ports.
The WebUI listening interface is TCP; the others can use TCP+UDP.
Save and Apply
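Before uploading the certificate from the encryption step above, the following added example (not from the original post) checks on any machine with the openssl command-line tool that the .pem's chain validates, that the .key is a valid private key, and that the two belong together; all file paths are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# certificate and key that AdGuard Home's Encryption page asks for.
# Assumes the openssl command-line tool; all file paths are placeholders.

# Succeeds when the public key inside the first certificate of CERT matches
# the private key in KEY (a pair that does not match is useless to AdGuard Home).
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when KEY parses as an unencrypted PEM private key (RSA or EC).
key_is_valid() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1
}

# Succeeds when the first certificate in CHAIN validates, using the other
# certificates in the same file as intermediates. Pass the issuing CA's
# certificate as the second argument for a private CA; omit it for a public
# CA such as Let's Encrypt, whose roots are in the system trust store.
chain_is_valid() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
    else
        openssl verify -untrusted "$1" "$1" >/dev/null 2>&1
    fi
}

# Usage (placeholder paths):
#   cert_key_match /etc/adguard/fullchain.pem /etc/adguard/privkey.key \
#     && key_is_valid /etc/adguard/privkey.key \
#     && chain_is_valid /etc/adguard/fullchain.pem \
#     && echo "certificate and key look good"
```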
Interaction#
The interaction plugin oc-Meta overwrites its settings to add the NameServer server address, which should be set to your internal network address; the server port is 5335 and the server type is UDP.
Of course, you can use a domain name here, but you need to modify the hosts file of the system and the plugin; otherwise, if the IP address changes, the network will have issues. This will not be demonstrated here.
You can also set the Default-NameServer to 223.6.6.6 TLS.
It is not recommended to enable redirection for other plugins, as it may cause crashes. Using it alone without interaction with other plugins may be fine.
Want to interact with your phone? You can try using software that can modify DNS, such as Surfboard on Android and the oc-Meta kernel.
Resolving IPv6 Lag and Proxy#
Add the following DNS rewrites. Setting the answer to A tells AdGuard Home to return only the A (IPv4) records obtained from upstream for that name and to drop the AAAA answers, so clients stop using the laggy IPv6 path for these services:
- chatgpt.com, answer: A
- openai.com, answer: A
- *.bilivideo.com, answer: A
- *.hdslb.com, answer: A
This article is synchronized and updated to xLog by Mix Space. The original link is https://www.miaoer.net/posts/network/openwrt-adg